sql auth vs nt auth in SQL serverWhy is it a bad practice to allow everyone to use the sa login?Using...
Did Amazon pay $0 in taxes last year?
Has a sovereign Communist government ever run, and conceded loss, on a fair election?
Convert an array of objects to array of the objects' values
Does the US political system, in principle, allow for a no-party system?
Who is at the mall?
Is every open circuit a capacitor?
Was it really inappropriate to write a pull request for the company I interviewed with?
Rationale to prefer local variables over instance variables?
Should I use HTTPS on a domain that will only be used for redirection?
Computing the volume of a simplex-like object with constraints
How spaceships determine each other's mass in space?
Why is, for a group scheme of finite type, "smooth" (resp. irreducible) equivalent to "geometrically reduced" (resp. geometrically irreducible)?
How do you make a gun that shoots melee weapons and/or swords?
Practical reasons to have both a large police force and bounty hunting network?
How to chmod files that have a specific set of permissions
Under what conditions would I NOT add my Proficiency Bonus to a Spell Attack Roll (or Saving Throw DC)?
PSPICE - must be 'I' or 'V' error
What is brightness?
Calculate total length of edges in select Voronoi diagram
Align equations with text before one of them
An Undercover Army
What is the meaning of option 'by' in TikZ Intersections
Professor forcing me to attend a conference
Is this nominative case or accusative case?
sql auth vs nt auth in SQL server
Why is it a bad practice to allow everyone to use the sa login?Using multiple Active Directory accounts to connect to SQL ServerIntegrated Security Success on Master, Fails on Other DatabaseDB2 to require password each timeIf the users need INSERT/UPDATE/DELETE permissions, is Windows auth still more secure than SQL Server auth?Cannot connect to SQL Server after setting sa password to blankNo SA password. No SQL Server Management Studio. No OS authenticationsql server authentication login failedCreate SQL Server user with SQL Server AuthentificationIntegrated Authentication vs?
Ok, so everything I read says best practice is to us NT authentication in SQL server. And I can see some advantages to that but using NT auth how do I force users to access the data using only my application and not some other tool such as SSMS? It would seem to me that it would be better to allow only my application to connect to SQL server using SQL auth and password the user does not know and controlling security through the application. Am I missing something here? Is there a way to block SSMS and other database tools from connecting to my application's database?
sql-server authentication
asked May 25 '16 at 18:19
rbarcrbarc
1
bumped to the homepage by Community♦ 12 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
migrated from stackoverflow.com May 26 '16 at 3:24
This question came from our site for professional and enthusiast programmers.
add a comment |
Ok, so everything I read says best practice is to us NT authentication in SQL server. And I can see some advantages to that but using NT auth how do I force users to access the data using only my application and not some other tool such as SSMS? It would seem to me that it would be better to allow only my application to connect to SQL server using SQL auth and password the user does not know and controlling security through the application. Am I missing something here? Is there a way to block SSMS and other database tools from connecting to my application's database?
sql-server authentication
asked May 25 '16 at 18:19
rbarcrbarc
1
bumped to the homepage by Community♦ 12 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
migrated from stackoverflow.com May 26 '16 at 3:24
This question came from our site for professional and enthusiast programmers.
add a comment |
Ok, so everything I read says best practice is to us NT authentication in SQL server. And I can see some advantages to that but using NT auth how do I force users to access the data using only my application and not some other tool such as SSMS? It would seem to me that it would be better to allow only my application to connect to SQL server using SQL auth and password the user does not know and controlling security through the application. Am I missing something here? Is there a way to block SSMS and other database tools from connecting to my application's database?
sql-server authentication
asked May 25 '16 at 18:19
rbarcrbarc
1
Ok, so everything I read says best practice is to us NT authentication in SQL server. And I can see some advantages to that but using NT auth how do I force users to access the data using only my application and not some other tool such as SSMS? It would seem to me that it would be better to allow only my application to connect to SQL server using SQL auth and password the user does not know and controlling security through the application. Am I missing something here? Is there a way to block SSMS and other database tools from connecting to my application's database?
sql-server authentication
sql-server authentication
asked May 25 '16 at 18:19
rbarcrbarc
1
asked May 25 '16 at 18:19
rbarcrbarc
1
asked May 25 '16 at 18:19
rbarcrbarc
1
asked May 25 '16 at 18:19
rbarcrbarc
1
asked May 25 '16 at 18:19
rbarcrbarc
1
1
bumped to the homepage by Community♦ 12 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
bumped to the homepage by Community♦ 12 mins ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
migrated from stackoverflow.com May 26 '16 at 3:24
This question came from our site for professional and enthusiast programmers.
migrated from stackoverflow.com May 26 '16 at 3:24
This question came from our site for professional and enthusiast programmers.
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
Ok, so everything I read says best practice is to us NT authentication in SQL
server
Read more. Please. Because while there are good reasons to do that in certain scenarios, there are good reasons NOT to do it in other scenarios.
And I can see some advantages to that but using NT auth how do I force users
to access the data using only my application and not some other tool such as
SSMS?
Since maybe 25 years or so a standard approach to program applications is to have a SERVER. The user connects to the SERVER and ONLY the server connects to the database. Problem solved.
Am I missing something here?
Stating the obvious: A lot more reading than you did so far.
Is there a way to block SSMS and other database tools from connecting to my
application's database?
Your reading did not get to application passwords in the documentation (https://msdn.microsoft.com/en-us/library/ms181491.aspx is titled CREATE APPLICATION ROLE) which would allow an application to post-authenticate with a password. Not that this is a good approach - but it sis AN approach that was introduce some versions back. This way rights could be on an application, and unless the user knows the role password of the application - out of luck.
But really, the standard approach is to use an application server and only the app server can connect. And often this does not use NT authentication as the connection password is coded in a server config file.
answered May 25 '16 at 18:24
TomTomTomTom
4,13811119
I am not sure that I agree that an intermediate application is the "standard" approach. It is a good approach in some situations. It won't work for us because we do not control that part of the application design. And I agree that the Application Role is not necessarily a good approach.
– rbarc
May 26 '16 at 16:39
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "182"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fdba.stackexchange.com%2fquestions%2f139577%2fsql-auth-vs-nt-auth-in-sql-server%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Ok, so everything I read says best practice is to us NT authentication in SQL
server
Read more. Please. Because while there are good reasons to do that in certain scenarios, there are good reasons NOT to do it in other scenarios.
And I can see some advantages to that but using NT auth how do I force users
to access the data using only my application and not some other tool such as
SSMS?
Since maybe 25 years or so a standard approach to program applications is to have a SERVER. The user connects to the SERVER and ONLY the server connects to the database. Problem solved.
Am I missing something here?
Stating the obvious: A lot more reading than you did so far.
Is there a way to block SSMS and other database tools from connecting to my
application's database?
Your reading did not get to application passwords in the documentation (https://msdn.microsoft.com/en-us/library/ms181491.aspx is titled CREATE APPLICATION ROLE) which would allow an application to post-authenticate with a password. Not that this is a good approach - but it sis AN approach that was introduce some versions back. This way rights could be on an application, and unless the user knows the role password of the application - out of luck.
But really, the standard approach is to use an application server and only the app server can connect. And often this does not use NT authentication as the connection password is coded in a server config file.
answered May 25 '16 at 18:24
TomTomTomTom
4,13811119
I am not sure that I agree that an intermediate application is the "standard" approach. It is a good approach in some situations. It won't work for us because we do not control that part of the application design. And I agree that the Application Role is not necessarily a good approach.
– rbarc
May 26 '16 at 16:39
add a comment |
Ok, so everything I read says best practice is to us NT authentication in SQL
server
Read more. Please. Because while there are good reasons to do that in certain scenarios, there are good reasons NOT to do it in other scenarios.
And I can see some advantages to that but using NT auth how do I force users
to access the data using only my application and not some other tool such as
SSMS?
Since maybe 25 years or so a standard approach to program applications is to have a SERVER. The user connects to the SERVER and ONLY the server connects to the database. Problem solved.
Am I missing something here?
Stating the obvious: A lot more reading than you did so far.
Is there a way to block SSMS and other database tools from connecting to my
application's database?
Your reading did not get to application passwords in the documentation (https://msdn.microsoft.com/en-us/library/ms181491.aspx is titled CREATE APPLICATION ROLE) which would allow an application to post-authenticate with a password. Not that this is a good approach - but it sis AN approach that was introduce some versions back. This way rights could be on an application, and unless the user knows the role password of the application - out of luck.
But really, the standard approach is to use an application server and only the app server can connect. And often this does not use NT authentication as the connection password is coded in a server config file.
answered May 25 '16 at 18:24
TomTomTomTom
4,13811119
I am not sure that I agree that an intermediate application is the "standard" approach. It is a good approach in some situations. It won't work for us because we do not control that part of the application design. And I agree that the Application Role is not necessarily a good approach.
– rbarc
May 26 '16 at 16:39
add a comment |
Ok, so everything I read says best practice is to us NT authentication in SQL
server
Read more. Please. Because while there are good reasons to do that in certain scenarios, there are good reasons NOT to do it in other scenarios.
And I can see some advantages to that but using NT auth how do I force users
to access the data using only my application and not some other tool such as
SSMS?
Since maybe 25 years or so a standard approach to program applications is to have a SERVER. The user connects to the SERVER and ONLY the server connects to the database. Problem solved.
Am I missing something here?
Stating the obvious: A lot more reading than you did so far.
Is there a way to block SSMS and other database tools from connecting to my
application's database?
Your reading did not get to application passwords in the documentation (https://msdn.microsoft.com/en-us/library/ms181491.aspx is titled CREATE APPLICATION ROLE) which would allow an application to post-authenticate with a password. Not that this is a good approach - but it sis AN approach that was introduce some versions back. This way rights could be on an application, and unless the user knows the role password of the application - out of luck.
But really, the standard approach is to use an application server and only the app server can connect. And often this does not use NT authentication as the connection password is coded in a server config file.
answered May 25 '16 at 18:24
TomTomTomTom
4,13811119
Ok, so everything I read says best practice is to us NT authentication in SQL
server
Read more. Please. Because while there are good reasons to do that in certain scenarios, there are good reasons NOT to do it in other scenarios.
And I can see some advantages to that but using NT auth how do I force users
to access the data using only my application and not some other tool such as
SSMS?
Since maybe 25 years or so a standard approach to program applications is to have a SERVER. The user connects to the SERVER and ONLY the server connects to the database. Problem solved.
Am I missing something here?
Stating the obvious: A lot more reading than you did so far.
Is there a way to block SSMS and other database tools from connecting to my
application's database?
Your reading did not get to application passwords in the documentation (https://msdn.microsoft.com/en-us/library/ms181491.aspx is titled CREATE APPLICATION ROLE) which would allow an application to post-authenticate with a password. Not that this is a good approach - but it sis AN approach that was introduce some versions back. This way rights could be on an application, and unless the user knows the role password of the application - out of luck.
But really, the standard approach is to use an application server and only the app server can connect. And often this does not use NT authentication as the connection password is coded in a server config file.
answered May 25 '16 at 18:24
TomTomTomTom
4,13811119
answered May 25 '16 at 18:24
TomTomTomTom
4,13811119
answered May 25 '16 at 18:24
TomTomTomTom
4,13811119
answered May 25 '16 at 18:24
TomTomTomTom
4,13811119
4,13811119
I am not sure that I agree that an intermediate application is the "standard" approach. It is a good approach in some situations. It won't work for us because we do not control that part of the application design. And I agree that the Application Role is not necessarily a good approach.
– rbarc
May 26 '16 at 16:39
add a comment |
I am not sure that I agree that an intermediate application is the "standard" approach. It is a good approach in some situations. It won't work for us because we do not control that part of the application design. And I agree that the Application Role is not necessarily a good approach.
– rbarc
May 26 '16 at 16:39
I am not sure that I agree that an intermediate application is the "standard" approach. It is a good approach in some situations. It won't work for us because we do not control that part of the application design. And I agree that the Application Role is not necessarily a good approach.
– rbarc
May 26 '16 at 16:39
I am not sure that I agree that an intermediate application is the "standard" approach. It is a good approach in some situations. It won't work for us because we do not control that part of the application design. And I agree that the Application Role is not necessarily a good approach.
– rbarc
May 26 '16 at 16:39
add a comment |
Thanks for contributing an answer to Database Administrators Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fdba.stackexchange.com%2fquestions%2f139577%2fsql-auth-vs-nt-auth-in-sql-server%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
